asc-beta-review

SUSPICIOUS: the skill’s capabilities mostly fit its stated App Store Connect beta-review purpose, but it relies on an unspecified external asc CLI that appears to be a non-Apple third-party tool and forwards sensitive App Store Connect credentials and possible demo-account secrets into it. No overt exfiltration or unrelated access is shown, so this is not confirmed malicious, but install/provenance ambiguity and credential forwarding make it medium risk.